[Emerging-Sigs] New Zeus thing?
jurg at jurg.no
Mon Sep 15 14:44:24 EDT 2014
Isn't this just a Chrome HEAD to a non-existing domain to check for ISP
On 15. sep. 2014 20:38, waldo kitty wrote:
> On 9/15/2014 10:09 AM, Packet Hack wrote:
>> HEAD / HTTP/1.1
>> Host: tdsitmqawom
>> Connection: keep-alive
>> Content-Length: 0
>> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
>> Accept-Encoding: gzip,deflate
>> Seeing this in conjunction with Zeus traffic.
> without a FQDN, could this thing be attempting to connect over some sort
> of VPN to other machines in the VPN? would this take the term "botnet"
> to a new level?